GitLab

FreeBSD and Linux builds don't require any of the extra libraries,
and in fact, these libraries will break the build on busybox.

Leave the libraries there for Cygwin build which is the case Kirk
added them for.

Mostly added a taget for the newnode MFS.

Also, fix a minor bug in the tmcd implementation.

Not sure if/how this ever worked since the gettimeofday call was added.

Details:

Return MAC/IP (ARP) information for a node's "peers" on the node control
net. We also return info for the control net gateway (if there is one)
and any servers on the node control network (e.g., subbosses).

As far as "peer" info, right now we just support calls by subbosses that
will return the info for the set of nodes they control. This could also
be used by experiment firewalls or gateways to return info for the nodes
they are protecting and setup filters accordingly.

Note that this call only returns info if invoked using SSL. This allows
the client to be sure it is getting the info from boss.

Tangentially related, is the addition of an index to the subbosses table
to speed up a really slow query.

Sigh...for whatever reason, the unpacking of the MFS cpio archive
doesn't pick up /.localized (probably because it is doing something
akin to "cpio /*") so we put it in /root instead. Actually we put it
in both places for compat.

IPs; if there is an ipalias defined in the interfaces table, and that
ip is routable, then we can create an entry in the routable map *and*
the unroutable map.

Also, add a little feedback.

All now include the localization code that Leigh added.

sdcollectd has been changed to make the parsing of incoming idle report
packets more robust.  This should squash all existing vulnerabilities on
the packet reception path.

Changes:

* NULL terminate the incoming packet buffer
* move from strcpy to strncpy.
* switch from strtoul, strtod, etc. to sscanf with explicit field lengths.
* Multi-level parsing of packets into records, then key/val pairs,
  then individual key and value parsing/checking.

We don't need to be told the AM, since we can only sign these
certs for ourselves

Look at the user's cert, rather than their credential, and allow
it to be looked up in the database rather than provided in a file

This script will generated a credential that allows a user to
override the max_sliver_lifetime value. Based on Srikanth's
genallow_extcred script, but heavily modified. genallow_extcred
should be updated to look more like this.

Change watchdog to catch HUP and reopen the log.
Add stuff to client Makefile to append a line to newsyslog.conf.

It has been removed entirely from the FreeBSD ports tree and we still need
it because it has a dhclient which takes multiple interfaces on the command
line (the current version just takes one interface). We should move to the
new version, but I am not up to that yet...

I'm sure they would respond that we are being stupid running non-raid on
an expensive raid controller...

Ugh, I am not a big fan of how we manage new OSes, but I started it!

image).

For shared lans, move the code that sets up the underlying lan into
the Experiment module, so it can be called from tbswap. This is
to fix some race conditions that can take place if two experiments
are mucking with the underlying lan at the same time.

The reason for the groups option is so that we can use this
for users that are in more the 16 groups (stupid group limit that
breaks everything!).

image_setup is run from tbprerun to verify and create image
descriptors, and then later from tbswap to actually download
and verify the image (ndz) file.

image_import does the actual work for a specific image (url).